xpath injection in xml databases
DESCRIPTION
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.TRANSCRIPT
Xpath-Injection ?
XML Path or XPath is a language used for querying information from the nodes of an XML document.
XPath Injection is an attack technique used to exploit web sites that construct XPath queries from user-supplied input.
Impact of Xpath-Injection
An unauthenticated attacker may extract a complete XML document using XPath querying. This may compromise the integrity of your database and expose sensitive information.
Example of XML Document
Lets us take an example of an XML document called employees.xml and see how an XPath function can be used to retrieve information:
<?xml version="1.0" encoding="ISO-8859-1"?> <employees> <employee id=”1”> <loginID>Mike</loginID> <accountno>11123</accountno> <passwd>test123</passwd> <salary>468100</salary> </employee> <employee id=”2”> <loginID>john</loginID> <accountno>63458</accountno> <passwd>myownpass</passwd> <salary>559833</salary> </employee> </employees>
Xpath Expression
The function selectNodes takes as parameter the path-expression which will extract the value in the passwd node under the employee node from the employees.xml document.
The path expression for the passwd in this case is /employees/employee/passwd
Set xmlDoc=CreateObject("Microsoft.XMLDOM")
xmlDoc.async="false"
xmlDoc.load("employees.xml")xmlobject.selectNodes("/employees/employee/passwd/text()")
Xpath Expression….
The result of the above query will be
test123
When an application has to retrieve some information from the XML based on user input, it fires an XPath query which gets executed at the server.
xmlobject.selectNodes("/employees/employee/passwd/text()")